Firewall to Determine Access to a Portion of Memory

1. A method comprising: implementing a firewall operating in a secure domain between a plurality of processors and a pool of shared memory, such that the firewall is downstream from the plurality of processors; determining, by a trusted security agent that an access request is unaltered; receiving the access request, at the firewall, to access a portion of memory within the pool of shared memory from one processor of the plurality of processor; determining, by the firewall, whether the access request to access the portion of memory is allowed by identifying an address range associated with the one processor from which the access request is received, and determining, with the firewall, based on unmodifiable firewall configuration data when the one processor is operating in a non-secure domain, whether access to the address range is allowed by the processor and whether the processor is operating in a secure or non-secure domain; and allowing the access request to proceed based on the determination, wherein the firewall operates independently of address translation or mapping performed by the plurality of processors.

2. The method of claim 1 further comprising: receiving, via a secure channel from the trusted security agent, firewall configuration data, wherein the firewall determines whether the access request to access the portion of memory is allowed based on the firewall configuration data.

3. The method of claim 2 wherein the secure channel includes a process running on a processor that sends access requests, the process running with elevated execution privileges.

4. The method of claim 1 wherein the firewall is integrated with a memory module associated with the portion of memory.

5. The method of claim 1 , wherein the plurality of processors are connected to the pool of shared memory and physically access the pool of shared memory via one of a fabric or interconnect.

6. The method of claim 1 , wherein each of the plurality of processors comprise a system on a chip (SOC), and wherein every part of the pool of shared memory is physically accessible by each SOC via one of a memory interconnect or memory fabric.

7. The method of claim 6 , wherein each SOC is controlled by a separate operating system (OS) instance.

8. A system comprising: a pool of shared memory; a processor operating in a first security domain to attempt access to a portion of memory within the pool of shared memory; a trusted security agent controlling the firewall determining whether the attempt to access has been altered; and a firewall situated downstream from the processor and operating in a second security domain to determine whether the access is allowed independently of address translation or mapping performed by the processor, the determination based on firewall configuration data specifying whether access to an address range commensurate with the portion of memory is allowed, wherein the firewall configuration data cannot be modified by the processor when at least one of the processor is operating in the first security domain and when the trusted security agent determines that the attempt to access has been altered.

9. The system of claim 8 further comprising: the processor operating in a third security domain, wherein the firewall configuration data can be modified by the processor when operating in the third security domain.

10. The system of claim 9 wherein the first security domain is a normal execution environment and the third security domain is a trusted execution environment.

11. The system of claim 8 wherein the firewall is situated downstream from memory caches of the processor.

12. The system of claim 8 wherein all access from the processor to the portion of memory goes through the firewall.

13. The system of claim 8 wherein the processor and firewall are integrated within a single device.

14. The system of claim 8 , further comprising one of a memory interconnect or a memory fabric across which the processor is physically connect to the pool of shared memory, and through which every part of the pool of shared memory is made physically accessible to the processor.

15. A non-transitory processor readable medium containing thereon a set of instructions which when executed by a processor cause the processor to: receive, by an operating system running on the processor, a secure request from a security agent, the secure request to update a firewall configuration table, the firewall configuration table used by a firewall to determine whether access to a portion of memory is allowed, wherein the operating system cannot undetectably alter the secure request to update the firewall configuration table or a request to access the portion of memory; send the secure request to a local security agent, wherein the local security agent operates at a higher privilege level than the operating system; and update the firewall configuration table by the local security agent, wherein the firewall configuration table can only be updated when operating at the higher privilege level such that subsequent determinations regarding whether access to the portion of memory is allowed is based on the updated firewall configuration table.

16. The medium of claim 15 further comprising instructions to: send, by the local security agent, a secure response acknowledging the request to update, wherein failure to receive the response from the local security agent causes the security agent to take corrective action against the processor.

17. The medium of claim 16 wherein the corrective action is a reset of the processor.